WooCommerce Vulnerabilities FEB 2022
Stay informed about the latest publicly identified and reported vulnerabilities in the WooCommerce Vulnerabilities FEB 2022 threat case study. Left unpatched, these flaws invite exploitation, with a severe negative impact on your recovery capabilities and on the future of your business. Contact us for a WooCommerce security audit.
An estimated 359,000+ active WordPress e-shops are affected by the WooCommerce Vulnerabilities FEB 2022 and unable to serve their customers as planned. That is an 11% decrease compared to last month. The real number can be higher, because premium and closed-source plugin versions are private purchases and are not counted in public install figures.
If you are serious about running an online shop, you need to pay attention, because WooCommerce is the component where a disaster hits your customers most directly. In this post, we share the latest WooCommerce vulnerabilities to help you protect your e-shop from revenue loss and a backlash from angry shoppers. The following cases made headlines PUBLICLY just last month in the WooCommerce Vulnerabilities FEB 2022 category:
TAILORED Woocommerce Services for a hassle-free online business.
- WordPress 5.8.3 Security Release – Stored Cross-Site Scripting (XSS) via Post Slugs
- As with most XSS vulnerabilities, this one could be used to take over a site completely or to add a malicious backdoor. However, it can only be exploited by users with the ability to publish posts. The vulnerability allows Authors and WooCommerce Shop Owners to add scripts to a site, but both roles are relatively trusted.
- WOOF – Products Filter for WooCommerce – Reflected Cross-Site Scripting (XSS)
- Products Filter for WooCommerce (WOOF) is a product search plugin for WooCommerce that allows your site's customers to filter products by category, attribute, product tag, custom taxonomy and price. Active installations: 100,000+
- myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin – Reflected Cross-Site Scripting (XSS)
- myCred is an intelligent and adaptive points management system that allows you to build and manage a broad range of digital rewards, including points, ranks and badges, on your WordPress/WooCommerce powered website. Active installations: 20,000+
- Orders Tracking for WooCommerce – Reflected Cross-Site Scripting (XSS)
- Orders Tracking for WooCommerce is a plugin for tracking WooCommerce orders. It allows shop owners to add, edit, import and export the tracking numbers and tracking URLs of every item and order. The plugin can then send order-tracking emails and SMS messages and add the tracking information and tracking URLs to PayPal transactions. It also integrates the tracking information with other tracking services. Shop owners can manage order tracking easily and keep their customers informed about each order's journey, and customers feel secure and comfortable tracking their orders. Active installations: 10,000+
- Rearrange Woocommerce Products – SQL Injection
- Rearrange Woocommerce Products is a plugin that allows you to rearrange the default sort order of the products on the WooCommerce Shop page. It also allows you to rearrange products within a specific category. Active installations: 10,000+
- YuMoney button – Reflected Cross-Site Scripting (XSS)
- YuMoney Button Plugin is a complete solution for accepting payments for individuals: Woocommerce payment gateway, Gutenberg block and widget. Active installations: 900+
- TrustMate.io – integracja z WooCommerce – Arbitrary Plugin’s Settings Update
- TrustMate.io – integracja z WooCommerce – Arbitrary Blog Option Update
- TrustMate – Reviews for your shop and products at your WooCommerce site. Generate valuable traffic and profit more than others! Active installations: 400+
- Side Cart Woocommerce (Ajax) – Cross-Site Request Forgery (CSRF) to Arbitrary Options Update
- Say goodbye to your WooCommerce cart page. With Side Cart, users can access cart items from anywhere on your site. Active installations: 60,000+
- Futurio Extra – User Email Address Leakage
- Futurio Extra brings new widgets to be used in Elementor and allows you to import beautiful page templates for Elementor page builder. It also comes with 100% WooCommerce support and custom options. Active installations: 30,000+
- PPOM for WooCommerce – Settings Update to Stored Cross-Site Scripting (XSS)
- WooCommerce PPOM (Personalized Product Option Manager) adds input fields to the product page so customers can personalize your products. Input fields are drag-and-drop with many options, and prices can also be attached to options. All data is attached to the order and the order email. Active installations: 20,000+
- Login/Signup Popup ( Inline Form + Woocommerce ) – Cross-Site Request Forgery (CSRF) to Arbitrary Options Update
- A simple and lightweight plugin that makes the registration, login and password-reset process smooth. You get two fully customizable designs, popup and inline form, via shortcodes, and you can choose which fields to keep in the fields manager. Active installations: 20,000+
- Waitlist Woocommerce ( Back in stock notifier ) – Cross-Site Request Forgery (CSRF) to Arbitrary Options Update
- Waitlist for WooCommerce lets you track demand for out-of-stock items, keeping your customers informed and therefore more likely to buy. Active installations: 4,000+
- WordPress Newsletter Plugin – Noptin – Open Redirect
- Noptin is a lightweight Newsletter Plugin For WordPress. Noptin works with WooCommerce out of the box to help you automate your WooCommerce powered store. It is also multisite compatible. Active installations: 4,000+
- Permalink Manager Pro – Reflected Cross-Site Scripting (XSS)
- Permalink Manager is the ultimate solution for editing your posts & category URLs without modifying any core files. It works seamlessly with WooCommerce, ACF, Toolset and all other custom post types and taxonomies. Active installations: N/A
- WOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currency – Reflected Cross-Site Scripting (XSS)
- WOOCS – WooCommerce Currency Switcher is a free multi-currency switcher plugin for WooCommerce that lets your site visitors switch product prices between currencies, according to the exchange rates you set, in real time, and optionally pay in the selected currency. WOOCS allows you to add any currency to a WooCommerce store and is an ideal solution for running a serious WooCommerce store in multiple currencies. Active installations: 60,000+
- WordPress Email Template Designer – WP HTML Mail – Unprotected REST-API Endpoint
- Custom designed WordPress emails for your WooCommerce and EDD transactional emails, contact form notifications, your WordPress core emails, BuddyPress and many more. Active installations: 20,000+
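The three "CSRF to Arbitrary Options Update" entries and the "Unprotected REST-API Endpoint" entry above share one root cause: a settings handler that never verifies who is calling or what it is asked to write. The snippet below is an added illustration written for this post, not code from any of the listed plugins; it shows a hypothetical plugin (`myshop`, its option names, nonce action and capability are assumed) with a weak admin-ajax handler beside its hardened form, plus a REST route with the permission callback such endpoints need.

```php
<?php
// Added illustration, not code from any plugin listed above.
// Hypothetical plugin "myshop" saving a setting via admin-ajax.php.

// WEAK: any logged-in user, or an attacker who tricks a logged-in admin's
// browser (CSRF), can overwrite ANY option: no nonce, no capability check,
// and the option name is taken straight from the request.
add_action( 'wp_ajax_myshop_save_weak', function () {
    update_option( $_POST['name'], $_POST['value'] );
    wp_send_json_success();
} );

// HARDENED: verify the nonce (stops CSRF), require a capability, and accept
// only an allow-listed option whose value is sanitized for its type.
add_action( 'wp_ajax_myshop_save', function () {
    check_ajax_referer( 'myshop_save_nonce', 'nonce' ); // dies on missing/bad nonce
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $allowed = array(
        'myshop_tracking_url' => 'esc_url_raw',
        'myshop_note'         => 'sanitize_text_field',
    );
    $name = isset( $_POST['name'] ) ? sanitize_key( $_POST['name'] ) : '';
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = call_user_func( $allowed[ $name ], wp_unslash( $_POST['value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success();
} );
// The nonce is minted server-side on the admin page and sent with the request:
// wp_localize_script( 'myshop-admin', 'myshop',
//     array( 'nonce' => wp_create_nonce( 'myshop_save_nonce' ) ) );

// REST: permission_callback is exactly what an "unprotected" endpoint lacks;
// without it WordPress serves the route to unauthenticated callers.
add_action( 'rest_api_init', function () {
    register_rest_route( 'myshop/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'myshop_rest_save',
        'permission_callback' => function () {
            return current_user_can( 'manage_woocommerce' );
        },
        'args'                => array(
            'note' => array( 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
        ),
    ) );
} );

function myshop_rest_save( WP_REST_Request $req ) {
    update_option( 'myshop_note', $req->get_param( 'note' ) );
    return rest_ensure_response( array( 'ok' => true ) );
}
```

When reviewing a plugin, grep its `wp_ajax_`, `admin_post_` and `register_rest_route` handlers for exactly these three checks; a handler calling `update_option` without a nonce check, a capability check and an allow-list is the pattern behind every options-update entry in this month's list.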
Automate your Woocommerce, then focus on running your store and maximizing sales.
Running an online store pays you dividends beyond a good night's sleep, knowing your customers will find your shop working from early morning to late at night. The competition online is stiff, and many shoppers are looking for ways to get the best deals.
Any crash of an e-shop module hits shoppers and owners hard. Downtime always has a per-hour cost: as soon as your automated selling degrades or crashes, you start losing money, and that is revenue you forfeit for every hour you are down.
Are you able to prevent this? Or are you depending on a lifeline that does not exist?
WHY IS THE COST OF DOWNTIME CRUCIAL?
Cost of Downtime (per hour) = Revenue Loss + Productivity Loss + Recovery Cost + Intangible Cost (e.g. reputation, trust) + Aftermath Cost.
REVENUE LOSS
When your online shop is down, it cannot generate sales or revenue. Worse, online customers immediately go to your competition, which hurts any business in the long run.
PRODUCTIVITY LOSS
During downtime, employees are forced to stop working or have to shift to non-revenue-generating activities, such as getting systems back online, or, even worse, simply waiting until everything is back. So the cost of downtime increases, because salaries are fixed costs that are paid regardless of how much work gets done in those hours.
RECOVERY COST
The cost of downtime is not the only number to consider. Disaster recovery and resuming normal business operations can be costly as well. When outside help has to be brought in as soon as possible, whatever that help is, it is a pricey intervention, and there is no time to negotiate as the pressure builds with each hour offline.
INTANGIBLE COST
When your reputation suffers, your business suffers. Even the slightest downtime can significantly damage your customers' trust and push them toward your worst nightmare: jumping ship to your competition.
AFTERMATH COST
Unfortunately, the costs keep accruing even after your store is working again. At a minimum, online experts (developers, system engineers, hosting support staff) need to find the root cause, fix it and implement safeguards against future outages. That is another costly undertaking, carried out under the pressure of urgency.
What is Vulnerability Knowledge?
As time passes, vulnerabilities are discovered in your plugins, your theme and the version of WordPress core you are using. Those vulnerabilities (or security holes) ALWAYS become public knowledge, sooner rather than later.